cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1465
Views
5
Helpful
5
Replies

Dual ISP configuration

rgbatucan
Level 1
Level 1

We’re having new satellite connection; the reason for this is to minimize cost. Please see below for network setup.

network setup1.jpg

We want the primary connection going to internet is Gw2 (satellite) but if it reaches to 80% of bandwidth that’s the time the Gw1 will be opened. Is this possible in our setup? What configuration should be in GW1 & Gw2? Could anybody advise what the best solution is? Our goal is to minimize cost from rocketing prices to Gw1. Thanks.

5 Replies 5

Florin Barhala
Level 6
Level 6

There are two issues:

- how is the local LAN see this

- how will you switchover between the connections.

1. For the local LAN you can:

- run GLBP between routers

- bring the BOTH connections to one router

- add a 3rd router that will run EIGRP with both front routers; this way you can do unequal load balance for Internet connection.

2. Depends of the 1st part, decide upon one solution then we will move on.

Actually there's a provision for Cisco ASA between switch and corporate network. So this firewall control the load balancing and fail over?

m.glosson
Level 1
Level 1

There are a lot of ins and outs of a solution like this that are difficult to outline in a simple response. Simple "outbound" (requests for services coming from inside clients destined for external resources) failover is easiest, simple outbound load balancing is also possible without too much complication. Inbound services are much trickier if you're not employing BGP.

You can probably find a lot of articles online about doing something like this, but I have set this type of thing up in the past like this:

  • Simple failover
    • The router connected to the "main ISP" is the default gateway for the firewall, or directly for the users if there is no firewall (or the router is acting as the firewall).
    • That router watches it's next-hop (the main ISP) using an ip sla responder and a tracking instance, which can be tied to the default route
    • A backup default route with a higher admin distance gets put in if the tracking instance fails
    • NAT traffic at the router when it's destined to flow through the secondary ISP
  • Basic load balancing
    • If you have a firewall inside of the router, NAT half of your traffic behind one address, and the other half behind a different address (what you determine "half" to be is up to you). If you don't have a firewall or the router is your firewall, just pick half your traffic in the "traffic match" section of the PBR which I mention next.
    • Use a normal default route on the router, but use PBR to send one of the PAT addresses to a particular next-hop router out a particular interface.
    • Use NAT on the router to re-write that traffic when it goes out that alternative interface.
    • Use the same ip sla/tracking tricks for failover
  • As for your question about the "80% congested thing," you'll have to get a little more creative. You can use EEM to watch the interfaces load, but there a lot of other cautions I would give you about an approach like this. For example, what happens when it dips back below 80% congestion? You can't just swing the traffic over without killing all your active sessions, because they would NAT behind a different device. I often, in my work, refer to the quote from Jurassic Park, "Your scientists were so preoccupied with whether or not they could, they didn't stop to think if they should." Be careful you don't fall into that camp.

Cisco routers have a lot of cool, flexible features and using EEM, ip  sla, tracking, and other tricks you can make some pretty cool things happen. But  it also makes for a complicated, often convoluted configuration. On the other hand, there are products from other manufacturers made for this exact purpose. A few examples are Radware Linkproof, Fatpipe XTREME, (and F5 probably has a product for this, but I'm sure it will cost way too much for the average small business).

Cheers,

Matt

Great post from Matt, that I've rated. The OP should do the same, and hire a reputable consultant for the setup.

Marwan ALshawi
VIP Alumni
VIP Alumni

Hi

There r several ways to get this done

Like using EEM,ipsla for example

However one of the nice and intelligent features in cisco iOS is th Performance routing PfR this feature helps u to combine routing and ipsla capabilities together in more elegant way to achieve multiple ISP solutions and urs is one example

Please check the documents sections in this forum and look for PfR doc and dual ISP with pbr doc which i put simple examples there good to start with

Good luck

Sent from Cisco Technical Support iPhone App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco